From 1ef65b87edf8dad9324697de159dba367b47a27d Mon Sep 17 00:00:00 2001 From: Jesse McConnell Date: Fri, 15 Sep 2006 20:03:12 +0000 Subject: [PATCH] throw an exception int he secure action code when the session is null, telling the interceptor to deny access git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@446712 13f79535-47bb-0310-9956-ffa450edef68 --- .../archiva/web/action/admin/UserManagementAction.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java index 54df3236f..8ff5b8f03 100644 --- a/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java +++ b/archiva-webapp/src/main/java/org/apache/maven/archiva/web/action/admin/UserManagementAction.java @@ -190,9 +190,14 @@ public class UserManagementAction bundle.setRequiresAuthentication( true ); bundle.requiresAuthorization( "edit-all-users", Resource.GLOBAL); - + SecuritySession securitySession = (SecuritySession) session.get( SecuritySession.ROLE ); + if ( securitySession == null ) + { + throw new SecureActionException( "no session, not authenticated, not allowed access" ); + } + User user = securitySession.getUser(); if ( user != null ) -- 2.39.5